Hi Askey 127,
Below are the contents of aswMBR.txt and OTL.Txt and Extras.Txt scanned files. The 65,536 temp files had launched this morning, so the scans were done with the files still in the Windows Temp folder. Don't know if that matters or not. All of your instructions were completed as requested in your 1st reply.
Thank You,
Stephen
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-04 19:13:07
-----------------------------
19:13:07.504 OS Version: Windows 6.0.6002 Service Pack 2
19:13:07.504 Number of processors: 4 586 0xF0B
19:13:07.504 ComputerName: STEPHEN-PC UserName: Stephen1
19:13:08.830 Initialize success
19:13:12.496 AVAST engine defs: 11100401
19:13:27.269 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
19:13:27.269 Disk 0 Vendor: NVIDIA__ Size: 476940MB BusType: 8
19:13:29.297 Disk 0 MBR read successfully
19:13:29.297 Disk 0 MBR scan
19:13:29.313 Disk 0 Windows VISTA default MBR code
19:13:29.313 Disk 0 scanning sectors +976771072
19:13:29.375 Disk 0 scanning C:\Windows\system32\drivers
19:13:37.550 Service scanning
19:13:38.735 Modules scanning
19:13:45.116 Disk 0 trace - called modules:
19:13:45.147 ntoskrnl.exe CLASSPNP.SYS disk.sys NVRD32.SYS hal.dll acpi.sys storport.sys NVSTOR32.SYS
19:13:45.147 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86aa4ac8]
19:13:45.147 3 CLASSPNP.SYS[8a7628b3] -> nt!IofCallDriver -> \Device\00000068[0x86182030]
19:13:45.162 5 NVRD32.SYS[8a73c6a8] -> nt!IofCallDriver -> [0x84a94c38]
19:13:45.162 7 acpi.sys[8a6506bc] -> nt!IofCallDriver -> \Device\00000063[0x85588890]
19:13:46.379 AVAST engine scan C:\Windows
19:13:50.638 AVAST engine scan C:\Windows\system32
19:15:40.883 AVAST engine scan C:\Windows\system32\drivers
19:16:05.219 AVAST engine scan C:\Users\Stephen1
19:44:01.594 AVAST engine scan C:\ProgramData
19:47:19.636 Scan finished successfully
19:48:44.728 Disk 0 MBR has been saved successfully to "C:\Users\Stephen1\Desktop\MBR.dat"
19:48:44.728 The log file has been saved successfully to "C:\Users\Stephen1\Desktop\aswMBR.txt"
OTL logfile created on: 10/4/2011 7:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stephen1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.26% Memory free
6.20 Gb Paging File | 4.84 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.40 Gb Total Space | 378.34 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 4.49 Gb Free Space | 43.36% Space Free | Partition Type: NTFS
Computer Name: STEPHEN-PC | User Name: Stephen1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/04 19:57:35 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen1\Desktop\OTL.exe
PRC - [2011/09/24 11:09:26 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccsvchst.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/11 11:00:04 | 000,093,752 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe
PRC - [2009/06/10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvSCPAPISvr.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/13 17:22:04 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
PRC - [2007/07/05 20:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/07 15:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006/11/07 15:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/11 08:56:55 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011/08/11 08:55:04 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
MOD - [2011/08/11 08:55:03 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/11 08:54:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/11 08:54:55 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll
MOD - [2011/08/11 08:54:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll
MOD - [2011/08/11 08:54:51 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll
MOD - [2011/08/11 08:54:50 | 002,510,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll
MOD - [2011/08/11 08:54:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/11 08:14:29 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 08:14:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/11 08:14:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/11 08:13:56 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll
MOD - [2011/08/11 08:13:06 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/06/19 08:23:24 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\81bc126ce60194c5af7e6d4b1b03f6c1\Microsoft.VisualC.ni.dll
MOD - [2011/06/19 08:23:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
MOD - [2011/06/19 08:16:18 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2009/03/29 21:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/01/10 02:06:36 | 000,708,608 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll
MOD - [2007/05/18 22:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll
MOD - [2007/04/03 08:05:24 | 000,577,096 | ---- | M] () -- C:\Program Files\Spare Backup\System.Data.SQLite.DLL
MOD - [2007/04/03 08:04:54 | 000,183,880 | ---- | M] () -- C:\Program Files\Spare Backup\UberCrypto.dll
MOD - [2006/11/07 15:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
========== Win32 Services (SafeList) ==========
SRV - [2011/09/24 11:09:26 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/09/29 14:35:11 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110929.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/13 19:40:55 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/13 15:29:38 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111001.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/09/13 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111004.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/13 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/13 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111004.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/08 16:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 19:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1301010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 19:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/28 20:20:02 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SYMEFA.SYS -- (SymEFA)
DRV - [2011/07/27 16:55:49 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/25 19:18:39 | 000,344,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1301010.003\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/07/25 19:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 19:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\Ironx86.SYS -- (SymIRON)
DRV - [2009/06/10 06:03:00 | 009,899,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/09/17 08:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/09 18:12:32 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\DRIVERS\NVRD32.SYS -- (nvrd32)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\DRIVERS\NVSTOR32.SYS -- (nvstor32)
DRV - [2007/04/08 20:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... M=2905986R
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... M=2905986R
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... M=2905986R
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/09/27 12:18:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2011/10/04 19:00:53 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/12/08 00:16:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAsse ... ontrol.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7419D7-C8F0-4FEB-969C-C17A19168AAA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stephen1\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Stephen1\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/10/04 19:57:32 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Stephen1\Desktop\OTL.exe
[2011/10/04 19:09:36 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Stephen1\Desktop\aswMBR.exe
[2011/10/01 12:08:00 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/01 12:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/01 11:07:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Stephen1\Desktop\dds.scr
========== Files - Modified Within 30 Days ==========
[2011/10/04 19:57:35 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen1\Desktop\OTL.exe
[2011/10/04 19:48:44 | 000,000,512 | ---- | M] () -- C:\Users\Stephen1\Desktop\MBR.dat
[2011/10/04 19:19:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/04 19:09:39 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Stephen1\Desktop\aswMBR.exe
[2011/10/04 19:04:27 | 000,081,692 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/04 19:04:26 | 000,081,692 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/04 19:04:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/04 19:00:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 19:00:33 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 19:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 19:00:28 | 3220,439,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/03 23:46:40 | 000,000,859 | ---- | M] () -- C:\Users\Stephen1\Desktop\World of Warcraft.lnk
[2011/10/01 12:08:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/01 12:06:58 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/01 11:07:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Stephen1\Desktop\dds.scr
[2011/09/30 23:03:50 | 002,003,289 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\Cat.DB
[2011/09/21 20:43:09 | 000,002,609 | ---- | M] () -- C:\Users\Stephen1\Desktop\Microsoft Office Word 2003.lnk
[2011/09/21 19:18:35 | 000,004,349 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\VT20110921.019
[2011/09/20 19:38:42 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/09/16 23:22:22 | 000,001,356 | ---- | M] () -- C:\Users\Stephen1\AppData\Local\d3d9caps.dat
[2011/09/13 19:40:55 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/09/13 19:40:55 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/09/13 19:40:55 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/09/07 22:15:47 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\isolate.ini
========== Files Created - No Company Name ==========
[2011/10/04 19:48:44 | 000,000,512 | ---- | C] () -- C:\Users\Stephen1\Desktop\MBR.dat
[2011/10/01 15:37:05 | 3220,439,040 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/01 12:06:58 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/01 12:06:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/12/08 00:10:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/08 00:10:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/08 00:10:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/08 00:10:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/08 00:10:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/03 22:39:58 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2009/09/17 19:44:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 19:44:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 19:43:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/27 18:07:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/25 11:23:40 | 000,081,692 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/25 11:23:35 | 000,081,692 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\System32\nvimage.dll
[2009/05/26 20:09:07 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/03/27 22:22:07 | 000,001,356 | ---- | C] () -- C:\Users\Stephen1\AppData\Local\d3d9caps.dat
[2008/11/30 20:20:27 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/03/15 13:17:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/13 21:19:09 | 000,024,064 | ---- | C] () -- C:\Users\Stephen1\AppData\Roaming\UserTile.png
[2008/03/12 17:51:18 | 000,020,992 | ---- | C] () -- C:\Users\Stephen1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/10 22:56:37 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2008/03/10 22:49:54 | 000,148,981 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/03/10 22:49:34 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2008/03/08 17:29:03 | 000,038,868 | ---- | C] () -- C:\Windows\hpomdl03.dat.temp
[2008/03/08 17:29:03 | 000,029,156 | ---- | C] () -- C:\Windows\hpoins03.dat.temp
[2008/03/08 16:19:53 | 000,038,868 | ---- | C] () -- C:\Windows\hpomdl03.dat
[2008/03/08 16:19:53 | 000,029,156 | ---- | C] () -- C:\Windows\hpoins03.dat
[2008/03/08 11:16:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/03/05 20:00:34 | 000,000,102 | ---- | C] () -- C:\Windows\VSWizard.ini
[2008/01/10 01:53:06 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2008/01/10 01:53:06 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2008/01/10 01:53:06 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2008/01/10 01:53:06 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2007/10/12 01:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,336,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/04/23 20:15:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitZipper
[2011/07/15 00:01:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2011/03/30 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Image Zone Express
[2011/07/15 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ParetoLogic
[2011/03/30 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Printer Info Cache
[2008/03/08 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SampleView
[2011/10/01 12:03:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spare Backup
[2010/05/17 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Image Zone Express
[2008/03/10 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Printer Info Cache
[2008/03/09 09:30:59 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\SampleView
[2011/05/26 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Spare Backup
[2010/04/23 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\BitZipper
[2011/05/27 23:33:52 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\DriverCure
[2011/03/30 14:50:54 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Image Zone Express
[2009/04/23 18:43:11 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Juniper Networks
[2011/05/27 23:33:51 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\ParetoLogic
[2008/03/13 21:19:09 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\PeerNetworking
[2008/03/12 17:49:44 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Printer Info Cache
[2011/10/04 18:53:05 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Sammsoft
[2008/03/12 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\SampleView
[2011/10/04 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Spare Backup
[2010/07/17 16:24:06 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Tific
[2011/01/29 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Uniblue
[2009/04/23 18:43:13 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\WholeSecurity
[2011/10/04 18:57:28 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 10/4/2011 7:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stephen1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.26% Memory free
6.20 Gb Paging File | 4.84 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.40 Gb Total Space | 378.34 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 4.49 Gb Free Space | 43.36% Space Free | Partition Type: NTFS
Computer Name: STEPHEN-PC | User Name: Stephen1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20223725-64C5-4DCC-96A9-8D692616AFC1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{2C6BFFE1-E5DA-4668-90E4-C39D730D1834}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{519D749D-415E-4178-963F-0A6871516214}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A2B12A1-C022-40E0-A88B-C0CA02EDA771}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{63B7CF03-3E17-46AF-AA28-698E0926EF5F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6651477B-112A-4306-952A-DA3F3FC2B6EF}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{A56B7C21-B666-4019-8B60-FC41983A9032}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{A5FBDF26-1703-4A6B-854E-DABAE3B129E8}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{BF2DC3B5-53DC-44B4-82E9-3AC443C2A8B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D10A4E70-5E22-4054-9057-E5D04CC90F0C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{D2D562D3-3F7B-4F54-B4BC-7939C4C40EC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6079F82-878D-4182-B6D2-F080D8B8DF91}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{1130592C-54AF-8E02-D781-2D9ABB6947A1}" = Universal Caller ID
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Hi-Def Suite
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{474A7BA6-A657-4152-8FB5-244D178D7174}" = HP Officejet 6500 E710a-f Product Improvement Study
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{61933675-EFC7-4190-90B6-5AD56E1D9294}" = Marketsplash Print Software
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{670A25D9-1029-4D4E-93FF-66B3C07769D6}" = HP Officejet 6500 E710a-f Basic Device Software
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"com.comcast.callerid.4C7707E731FA230A00265DE26809CEAF299D5FFD.1" = Universal Caller ID
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"NortonPCCheckup" = Norton PC Checkup
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SystemRequirementsLab" = System Requirements Lab
"World of Warcraft" = World of Warcraft
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/6/2010 5:47:41 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4539
Error - 12/6/2010 5:47:41 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4539
Error - 12/6/2010 5:47:42 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12/6/2010 5:47:42 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5616
Error - 12/6/2010 5:47:42 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5616
Error - 12/6/2010 5:47:46 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12/6/2010 5:47:47 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8985
Error - 12/6/2010 5:47:47 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8985
Error - 12/6/2010 11:30:46 AM | Computer Name = Stephen-PC | Source = System Restore | ID = 8193
Description =
Error - 12/6/2010 9:41:50 PM | Computer Name = Stephen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module mshtml.dll, version 8.0.6001.18975, time stamp 0x4c87263d,
exception code 0xc0000005, fault offset 0x00029e0f, process id 0xed0, application
start time 0x01cb95aeb35cb2e0.
[ Media Center Events ]
Error - 9/12/2008 1:50:47 AM | Computer Name = Stephen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 3/29/2009 9:32:09 PM | Computer Name = Stephen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 10/1/2011 5:15:27 PM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 10/1/2011 5:15:48 PM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 10/1/2011 5:15:48 PM | Computer Name = Stephen-PC | Source = DCOM | ID = 10005
Description =
Error - 10/1/2011 5:15:48 PM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 10/1/2011 5:31:33 PM | Computer Name = Stephen-PC | Source = DCOM | ID = 10005
Description =
Error - 10/2/2011 11:48:08 AM | Computer Name = Stephen-PC | Source = DCOM | ID = 10005
Description =
Error - 10/2/2011 11:48:09 AM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 10/2/2011 11:48:09 AM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/3/2011 12:08:16 PM | Computer Name = Stephen-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:04:04 AM on 10/3/2011 was unexpected.
Error - 10/3/2011 1:32:05 PM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7011
Description =
< End of report >